Ask
Reply
Solution
26-04-2016 11:09 PM
Hi,
Both Google and Samsung have committed to monthly security patching cycles. This aligns with current best practice security management.
https://groups.google.com/forum/#!forum/android-security-updates
http://security.samsungmobile.com/smrupdate.html
What is Vodafone's stance on this? Can we expect these updates to be passed along to Samsung users in a timely fashion? I haven't been able to find an official statement on it.
Thanks
ej
27-04-2016 06:07 AM
Hello @cornasdf
This is Vodafones Statement on Firmware for their Branded handsets.
Aside from this Vodafone do not make any further comment.
Current Phone >
Samsung Galaxy s²³ Ultra 512gb Phantom Black.
27-04-2016 10:07 AM
Thanks for the response @bandofbrothers.
The firmware statement can be translated as 'we feel no obligation to our customers security and we will get updates out after we have added our bloatware'. (does anybody ever think, 'oh good, here is some vodafone softare for my phone'?)
Nexus line and iPhones are doing this right but somehow the manufacturers and the carriers still retain the veto power on updates for most android lines. It leads to insecurity and, with these phones becoming more and more integral to our daily lives, the amount of data to be stolen or misused is getting very high.
Hopefully, the next massive data breach that is done through unpatched phones isn't too bad so we can wake up and start patching our phones before the really bad ones become more frequent.
27-04-2016 10:13 AM
You're welcome @cornasdf
Personally I use an iPhone and like the idea that iOS is pushed out by Apple direct to owners. The only say the networks have is a Carrier Update.
Its maybe due to Android being fractured in the way of its availability to certain models of phone and they they are tinkered with by the networks before releasing it for their customers branded phones. They want to ensure anything new does not create a problem with their phones. Can you imaging the outcry if they ok'd a release then causing issues.
iOS is different as its created and owned by Apple.
Current Phone >
Samsung Galaxy s²³ Ultra 512gb Phantom Black.
27-04-2016 10:26 AM
Yes, I think your analysis is mostly correct. I thnk Jobs was very good at getting his way in corporate negotiations and rammed the updating thing through. Android is too fractured to force that through (and Google hasn't forced it, for some reason). I think Nexus phones do patch directly (but that maybe because they are just completely carrier unbranded).
But that is the history, we have shown the update model to be working and necessary for security. The arguement that they need to throughly test it is specious, in my opinion. I can bring any unbranded phone onto the network and they send me a few text messages to configure it. Besides, we are not talking about random scriptkiddie updates but rather official updates from Google (which currently manages Nexus and Chrome patches excellently). The kewl kids that are running alternative firmwares are already getting their patches from another source with no problems (and much more timely).
It feels to me like they are stuck in an old paradigm and it is going to bite them. I just hope it doesn't hurt me too badly when they get bit. If any carrier starts offering direct patching, i would move to them.
Getting rid of the stupid carrier branded apps forced down our throat is just a bonus... B)
27-04-2016 10:47 AM
I do agree about apps that are sent with firmware etc.
Even Apple do this with theirs and say it's hard to allow users to delete them as they are integrated into other system features of the iPhone / iPad. Some owners don't mind these pushed Apps and some do.
I started a thread not too long ago about Apple looking at letting these apps be deleted.
I'm currently looking at the Samsung Galaxy s7 Edge if the next iPhone does not tick my wants and needs boxes. I'll be buying sim free , unbranded.
Current Phone >
Samsung Galaxy s²³ Ultra 512gb Phantom Black.
27-04-2016 01:55 PM
Here is the latest monthly patch list from google. 6 critical exploits patched, 4 remote code executions. Not sure if these were disclosed previously, but now that the fix is out, the exploit is effectively public.
http://source.android.com/security/bulletin/2016-04-02.html
I am really torn on the galaxy s7 edge. I am going to really miss removable batteries as I travel a lot. I am also worried about the edge hampering rather than enhancing functionality. but, I do require fingerprint, love wireless charging, like removable storage, and have been generally happy w/ the S, S3,S4,S5. Decisions, decisions... B)
27-04-2016 02:02 PM
I believe a recent patch that was released was to improve the use of the edge and its usage. Apparently it was too sensitive.
Current Phone >
Samsung Galaxy s²³ Ultra 512gb Phantom Black.
12-05-2016 11:32 AM
I've upgraded to a S7 Edge and got an additonal line for girlfriend also an S7 Edge and the stuff that came on it is next to nothing like her old S4 Galaxy which was full of crap, out of the 32GB internal memory 9GB was used but she hasn't gone through it like I will be doing when I get mine today.
I think Google don't force push out security updates via firmware is because it's not on there own device and since Andorid is sort of freeware can't any one say otherwise like Vodafone since handsets are under there brand it's them who can dictate what they want out.
08-07-2016 07:16 PM